Deploying Azure Bicep using GitHub Actions

Using Azure Bicep and want to deploy your Bicep configuration to Azure using GitHub Actions, in this blog post I am going to show how you can achieve this!

What is Azure Bicep?

Its the Next Generation of ARM templates – Bicep is a Domain Specific Language (DSL) for ARM templates. Taken from the documentation:-

It aims to drastically simplify the authoring experience with a cleaner syntax and better support for modularity and code re-use. Bicep is a transparent abstraction over ARM and ARM templates, which means anything that can be done in an ARM Template can be done in bicep

Examples of Azure Bicep configurations can be found here:-

What is GitHub Actions?

They allow you to create workflows with your GitHub repository – similar to Azure DevOps Pipelines; they allow you create an automated workflow(s). They are pretty awesome!

Recommended reading

What is GitHub Actions for Azure

Azure/actions GitHub Repository

Bicep sample configuration

Before I show the sample configuration, I also recommend the Bicep extension for VSCode – it is awesome, with built-in Intellisense!

In my example, I want my Bicep file to deploy an Azure Virtual Network

param location string = resourceGroup().location
var virtualNetwork = {
  name: 'tamopsvnet'
  location: location
  addressPrefixes: [
  subnets: [
      name: 'testsubnet1'
      properties: {
        addressPrefix: ''
      name: 'testsubnet2'
      properties: {
        addressPrefix: ''
resource virtualnetwork 'Microsoft.Network/virtualNetworks@2020-06-01' = {
  location: virtualNetwork.location
  properties: {
    addressSpace: {
      addressPrefixes: virtualNetwork.addressPrefixes
    subnets: virtualNetwork.subnets

Folder Structure

    └── .github
       └── workflows
          └── azure-bicep-deploy.yml
    └── BicepFiles
       └── main.bicep

GitHub Repository Secrets

Within the GitHub repository to where you are going to be running the Bicep configuration, select settings -> secrets

Add 2 secrets

  • AZURE_SUBSCRIPTION_ID – Subscription ID of the Azure Subscription
  • AZURE_CREDENTIALS – in json format as below, this is the Service Principal that will be used for az login and to deploy your Bicep configuration
  "clientId": "<GUID>",
  "clientSecret": "<GUID>",
  "subscriptionId": "<GUID>",
  "tenantId": "<GUID>",

GitHub Action to Deploy Azure Bicep

To add this GitHub Action to your repository, within your GitHub Repo – select Actions -> Workflows -> New workflow
(Or if you merge into main branch with the folder structure above, it will automatically create the GitHub Action for you )

GitHub Action

name: 'AzureBicepDeploy'

    - main


    name: 'AzureBicepDeploy'
    runs-on: ubuntu-latest
      ResourceGroupName: tamops-bicep-rg
      ResourceGroupLocation: "uksouth"
    environment: production


    - uses: actions/checkout@v2

    - uses: azure/login@v1
        creds: ${{ secrets.AZURE_CREDENTIALS }}

    - name: Azure Bicep Build
      run: |
        az bicep build --file BicepFiles/main.bicep

    - name: Az CLI Create Resource Group
      uses: Azure/CLI@v1
        inlineScript: |
          az group create --name ${{ env.ResourceGroupName }} --location ${{ env.ResourceGroupLocation }}

    - name: Deploy Azure Bicep
      uses: Azure/arm-deploy@v1
        resourceGroupName: ${{ env.ResourceGroupName }}
        subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
        template: ./BicepFiles/main.json 

Use below if AZ CLI < 2.20.0

    - name: Azure Bicep Build
      run: |
        curl -Lo bicep
        chmod +x ./bicep
        ./bicep build BicepFiles/main.bicep

GitHub Repository example here

Hopefully you find this blog useful and give you a look into deploying Azure Bicep using GitHub Actions

1 comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s